On Tue, 05 Mar 2024 16:20:48 +0800, Lee, Chun-Yi wrote:
> This patch is against CVE-2023-6270. The description of cve is:
>
> A flaw was found in the ATA over Ethernet (AoE) driver in the Linux
> kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on
> `struct net_device`, and a use-after-free can be triggered by racing
> between the free on the struct and the access through the `skbtxq`
> global queue. This could lead to a denial of service condition or
> potential code execution.
>
> [...]
Applied, thanks!
[1/1] aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts
commit: f98364e926626c678fb4b9004b75cacf92ff0662
Best regards,
--
Jens Axboe
